For more than 50 years, Auerbach Publications has been printing cutting-edge books on all topics IT.

Read archived articles or become a new subscriber to IT Today, a free newsletter.

This free newsetter offers strategies and insight to managers and hackers alike. Become a new subscriber today.


Contact

Interested in submitting an article? Want to comment about an article?

Contact John Wyzalek editor of IT Performance Improvement.

 

Why Should the IT Helpdesk be Responsible for Authorizations?

Dean Wiech

People can arrange their personal finance through Internet banking while e-HRM even allows them to manage their days of leave. However, they have no way of managing their network access rights by themselves. This remains the responsibility of the IT helpdesk. How logical is it to have the IT helpdesk decide whether users receive access rights to applications?

Because, all things considered, the IT helpdesk has no idea whether someone really needs these access rights to perform their daily work. Why don't companies delegate the assignment of network access rights to the organization—to the relevant managers and other responsible stakeholders? After all, they are the ones who know what employees actually need. Added to which, it would substantially relieve the helpdesk of its work burden.

Using the steps below, businesses small and large will be able to transfer user management tasks from the IT helpdesk to the organization in a simple and secure manner.

  1. Identify frequently occurring changes.      Make sure to map out the top 10 of logical changes that the helpdesk is asked to perform. This will often concern requests, such as assigning reading and writing rights to folders, adding of removing a distribution list or authorizations for a particular application. These logical changes can be automated in a simple way. Unfortunately, the same does not apply to physical changes (such as requests for a new desk or smartphone). The latter category will always require physical intervention by another person. More benefits can be gained by automating logical changes.
  2. Insight into the change approval cycle      Subsequently, one has to look at how the change approval process takes place across the organization. Who is responsible for what? Automating the delegation of change requests to the organization requires that an owner—whether it be a supervisor, application administrator or licence manager—is defined for every change. This means the IT helpdesk is no longer the owner of the change.
  3. Digitizing paper-based processes      Processes that currently use paper forms can be digitized. The advantage of this is that obligatory fields can be added and employees can be authorised before submitting a change request.
  4. Self-service portal      The next step is to lay down the approval cycles in a workflow management system. Staff members should be able to independently request, check and approve IT facilities through a web portal. Change requests are automatically forwarded to the right owner, who can approve or reject the request and provide an explanation where necessary. It will not be possible to implement a change until the responsible manager or owner has given approval. All the relevant details, including the requester, the request proper, the time of approval and the approver are laid down in an audit trail. Employees can follow the status of their request at any time through the portal, meaning they do not have to approach the IT helpdesk for this purpose.
  5. Implementation of changes across the network      Upon approval, change requests can be directly implemented across the network using the identity and access management (IAM) suite. For instance, particular authorizations can be assigned to a specific user account. The software will also automatically register the change in a service management solution and automatically implement it.

    When organizations follow these steps, they eliminate the IT helpdesk from the decision tree. Organizational change processes are thus delegated to the right persons, namely the users, application administrators and managers.

    Read more IT Performance Improvement

About the Author

Dean Wiech is managing director of Tools4ever, a global provider of identity and access management solutions. He has worked with businesses, educational entities and municipalities for more than 20 years, helping them identify solutions that make their businesses and operations more secure, efficient and easier to manage. He is responsible for Tools4ever's US operations, and has written dozens of articles about identity and access management, security, IT audits, strategy, BYOD, the cloud and managing IT solutions for small businesses to enterprise systems.